Nodes allow decker to perform actions based on the type of node. Data nodes contain files that can be downloaded, edited or deleted. IO nodes can be disabled or enabled. Security nodes allow decker to cancel system alert. CPU nodes allow decker to gain map of nodes, create backdoor access or shutdown the whole system.

Any use of these actions require use of Stealth software. If no Monitor ICE is present, decker only has to overcome node rating. If Monitor ICE is present in the node, the skill check is harder by the rating of the ICE. Monitor ICE will also raise alert when unauthorized node action is detected. Because of this risk, deckers will usually try to Deceive or destroy Monitor ICE first to make node actions safer and avoid system alerts.

When the Monitor ICE is alerted to decker’s presence, it will block all node actions and try to raise system alert. It will also alert any other ICE in the same node. If the node is CPU node, the ICE may attempt to shutdown the system to disconnect all users.

When system is alerted, all ICE in the system are notified. Those dedicated to reaction security will move to node where the alert originated from to deal with the intruder. System alert can last even after the decker has disconnected or was kicked from the system. Red alert is usually decreased to yellow as soon as any active threat to system is removed. Yellow alert can remain in place in the system for several days depending on the system security. If mission contract specified that no alert can be raised, the mission fails as soon as the Red alert is set in the system, regardless of whether decker is later able to cancel it using Security node.

Basic task each decker has to perform during almost all missions is bypassing of the Firewall ICE. This ICE controls connections to secure parts of system and should allow only authorized users. Decker has to deal with it to gain access inner parts of the system.

Decker has 3 options how to bypass this ICE.

1) Stealth software – trying to move through ICE will automatically try to use Stealth software and hide decker’s presence to ICE. Skill check using stealth skill, firmware and software against ICE and node rating will be made. If check is successful then decker will move to next node without alerting ICE. Otherwise move is blocked and on critical fail the ICE will be alerted. If ICE is already alerted, this method cannot succeed.

2) Deceive software – Select ICE and run Deceive software. Skill check using stealth skill, firmware and deceive software against ICE and node rating will be made. If successful then ICE will be deceived for a number of turns, depending on level of success, and will allow decker to pass through. ICE will be alerted on critical fail. Again if ICE is already alerted, this method cannot succeed.

3) Attack/Virus software – Decker may simply destroy the ICE using attack or virus software. This skill check uses attack skill, firmware and software against ICE and node rating. Level of success determines the amount of damage to the ICE integrity. ICE will become alerted when Attack software is used and will try to raise system alarm.

Clearly stealthy approach is preferable but may not be possible if the ICE is already alerted. Special types of the Firewall ICE can also be more resistant to Stealth and Deceive programs making it harder to succeed with them.

During contract missions, decker has to overcome system defense for each use of software or node action. That means comparing decker’s skill, firmware and software level against node rating, ICE rating and a bit of luck. Each software has different base chance for success on use. For example Scan software has 60% chance of success if decker’s skill, firmware and software level are same as node and ICE rating. Higher chances also allow better results – decreasing scan time or increasing damage during attack.

Each check has also 5% critical fail chance and a minimum 5% success chance regardless of the odds. Critical fail during skill check means that ICE will become alerted immediately and will raise a system alert.

Decker’s income comes mainly from completing of the contracts. Contracts specify what target system they need to penetrate and what actions they need to perform to successfully finish mission and what is the deadline. Deckers choose contracts from a list of available contracts. Completing contracts raises decker’s reputation which will allow her to access better, more prestigious contracts.

Goals include downloading/erasing/editing data file, disabling IO node, creating backdoor in CPU node or running client provided software in specific node. More complicated contracts can specify that system must not be alerted to decker’s presence or that no ICE can be destroyed. All of the goals in the contract need to be completed before deadline or contract is failed and decker will not receive any payment. Furthermore, decker’s reputation will suffer as a result of a failed mission.

Deckers also gain skill points by successfully completing contracts. These points can then be invested to permanently increase one of the skills. Skill cost is increasing as skills reach higher ranks.

Mission does not need to be finished in one cyberspace session. Deckers can for example access the system, create backdoor, disconnect and reconnect few days later using the created backdoor. The only limit is the deadline of the contract.

Outside of missions deckers can use Programming and Chip design. Programming allows deckers to write their own software, possibly creating better versions than publicly available. Chip design enables them to invent and burn their own hardware, enhancing their deck statistics.

Deck is a slang term for state of the art computer, which deckers use for their hacking runs. Deck can be upgraded with different chips to enhance it’s statistics.

Each deck has 4 types of firmware that is used for running different types of software. These correspond to skills outlined above – Attack firmware enhances attack software, Analysis firmware analytic software and the same for Stealth and Defense firmware.

Deck has also CPU rating which limits how good firmware and software the deck can run. Even higher level software running on lower level CPU will only have the rating of the CPU.

Each software also has to be loaded into memory before it can be used in cyberspace. Available memory of the deck is thus very important statistic. It is not possible to load software that uses more than available memory of the deck. Software can be loaded and unloaded during mission, but it takes valuable time to transfer the software. Decker can prepare loaded software before each mission.

Analyze

Attack

Tries to reduce integrity of ICE construct. If the integrity reaches zero, ICE construct shatters and is destroyed in cyberspace. Destroyed ICE will be reconstructed and will reenter system using ICE entry node. Any attack alerts the ICE. Amount of integrity damage depends on decker’s skill, software rating and ICE rating.

Client

Client provided software as part of mission contract. Decker has to run this software in specific node to complete mission goal.

Deceive

Deceive software tries to mask user identity to target ICE. If the ICE is deceived it believes the decker has legitimate passcode for any action he performs – Firewall ICE will allow passage, Monitor will allow any node action, Scanner will accept the passcode. Worm ICE cannot be deceived. Deceive will last only for a limited time, depending on decker’s level of success and ICE rating.

Decoy

Decoy software will create copies of decker’s cyberspace avatar which will prevent ICE from attacking her directly. Any ICE attack will hit and destroy decoy instead of decker. Number of decoys vary depending on software rating. Each use degrades software rating.

Decrypt

Decrypt is used to clear a file from a Worm ICE. Failed attempt to remove the ICE will destroy the file.

Defense

Defense software guards decker’s cyberspace avatar from damage. Higher rating of this software provides higher protection. Rating of this software is degraded by ICE attacks until the program is reloaded.

EMP

This software will overload the node with commands and data. It grants decker a bonus for defense, bonus for stealth actions and ICE will lose track of her. EMP lasts only for limited time, node then returns to normal. Using this software alerts all ICE in the node.

Evaluate

Software scans all valuable files in the node and returns possible market value of the files. This allows decker to pick most valuable files from the data node.

Medic

Medic software that reconstructs integrity of decker’s cyberspace avatar. Each use will degrade it’s rating.

Shield

Silence

Running this software cuts off the node from communicating with rest of the system. ICE will not be able to raise alert when Silence is in effect. Effect lasts only for a limited time.

Slow

Slows down ICE actions by overloading it with requests. It will take more time for ICE to perform any action. This software alerts ICE.

Stealth

Passive software that is always running. Any node action that decker performs needs to bypass Monitor ICE security protocols with Stealth. It is also used when trying to move through Firewall ICE. Depending on rating of software and ICE, use of Stealth can be detected and ICE will trigger an alert.

Virus

This runs a slow virus attack against ICE. Using this software will not trigger an alert. ICE starts losing it’s integrity and when that reaches zero, ICE will shatter.

Intrusion Countermeasure Electronics are software constructs in cyberspace that secure the system against unauthorized use, monitor users and remove or analyze threat once it’s found. Each ICE has a rating which specifies it’s effectiveness. Rating is hidden from users but decker can run analyze software to determine ICE type and rating. If the ICE is triggered – either through user checks or system alert – it goes into alerted status. In this status user requests are blocked until the alert is over.

Firewall ICE

Firewall acts as a barrier against unauthorized users. This ICE sits before link to other node and users have to provide passcode to move through this link. Deckers can find passcode inside data in the system or they can attempt to hack the ICE to allow passage.

Scanner ICE

Scanner ICE roams inside the system and performs user checks in each node it passes. Every user is asked to provide passcode, if the passcode is not valid the ICE raises alert level. If system alert reaches red level, ICE alerts all other ICE in the node. If a user leaves the node before providing passcode, scanner ice will follow her and alert ICE in every node they enter.

Monitor ICE

This ICE sits in system nodes where higher security is required. It checks and validates every action of users in the node before the action is allowed. This includes the actions deckers use to manipulate files, disable IO nodes or access functions of security/CPU nodes. Failed attempts can trigger the ICE to raise a system alert and inform other ICE in the node.

Attack ICE

Attack ICE is the active defense of systems. After alert is raised or this ICE is otherwise alerted, it attacks the integrity of intruder’s cyberspace avatar. When decker’s cyberspace integrity reaches zero, she is dumped from system. There are also illegal variants of attack ICE that try to cause a force feedback surge in the decker’s brain, causing physical damage and possibly killing the decker.

Worm ICE

Worm ICE sits on top of mission critical files inside Data node and guards it against access. Users without passcode are denied all access and any detected attempt to tamper with file will cause the ICE to raise system alert and delete the file to prevent data leak. Deckers have to use special decrypt software to try and remove the worm without damaging the file.